KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clementine Lucie Noemie Maurice, Raphael Spreitzer, Stefan Mangard

Research output: Research - peer-review (Conference contribution)

Abstract

Besides cryptographic secrets, software-based side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. These attacks have also been demonstrated in JavaScript embedded in websites by a remote attacker. We extend the state-of-the-art with a new interrupt-based attack and the first Prime+Probe attack on kernel interrupt handlers. Previously proposed countermeasures fail to prevent software-based keystroke timing attacks as they do not protect keystroke processing through the entire software stack.

We close this gap with KeyDrown, a new defense mechanism against software-based keystroke timing attacks. KeyDrown injects a large number of fake keystrokes in the kernel, making the keystroke interrupt density uniform over time, i.e., independent of the real keystrokes. All keystrokes, including fake keystrokes, are carefully propagated through the shared library to make them indistinguishable by exploiting the specific properties of software-based side channels. We show that attackers cannot distinguish fake keystrokes from real keystrokes anymore and we evaluate KeyDrown on a commodity notebook as well as on Android smartphones. We show that KeyDrown eliminates any advantage an attacker can gain from using software-based side-channel attacks.
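The abstract's central design point is that it is not enough to add noise interrupts on top of the real ones: the fake keystrokes must be scheduled so that the total interrupt density is independent of what the user types. The following simulation is an added illustration written for this page, not KeyDrown's code or its actual injection policy. It models an attacker who only sees interrupt timestamps, compares three constructed strategies (no defense, independent random fakes, and a fixed-slot scheme in which every timer tick delivers either a queued real key or a fake), and measures how well per-window interrupt counts track the real typing. The typing pattern, rates, slot width and window size are all made up for the example.

```python
"""Simplified simulation of the uniform-interrupt-density principle.

Illustrative code written for this page; NOT KeyDrown's implementation.
The typing session, the injection strategies and all parameters are
constructed for the example.
"""
import random
from typing import List, Tuple


def typing_session(n_keys: int = 40, burst_gap: float = 120.0,
                   pause_gap: float = 900.0, seed: int = 1) -> List[float]:
    """Constructed ground truth: keystroke times in ms, typed in bursts of 8
    keys with a longer pause in between (the structure a timing attack uses)."""
    rng = random.Random(seed)
    t, keys = 0.0, []
    for i in range(n_keys):
        gap = pause_gap if i % 8 == 7 else burst_gap
        t += rng.uniform(0.5 * gap, 1.5 * gap)
        keys.append(round(t, 3))
    return keys


def observe_no_defense(real: List[float]) -> List[float]:
    """Attacker's view without a countermeasure: the real interrupt times."""
    return sorted(real)


def observe_independent_noise(real: List[float], rate_per_ms: float,
                              horizon: float, seed: int = 2) -> List[float]:
    """Naive countermeasure: fake interrupts as a Poisson process that ignores
    the typing. Every real interrupt is still visible at its true time, so the
    per-window density still rises and falls with the user's bursts."""
    rng = random.Random(seed)
    fakes, t = [], 0.0
    while True:
        t += rng.expovariate(rate_per_ms)
        if t >= horizon:
            break
        fakes.append(t)
    return sorted(real + fakes)


def observe_slotted(real: List[float], slot_ms: float,
                    horizon: float) -> Tuple[List[float], List[float]]:
    """Uniform-density strategy used in this example (a hypothetical policy):
    a timer fires every slot_ms and each tick delivers exactly one keystroke,
    a queued real one if present, otherwise a fake. The observable timeline is
    the tick grid whatever the user types. Cost: a real key waits up to
    slot_ms, longer if several keys queue within one slot.
    Returns (observable timeline, delivery time of each real key)."""
    pending = sorted(real)
    timeline, delivered = [], []
    t = 0.0
    while t < horizon:
        timeline.append(t)
        if pending and pending[0] <= t:
            pending.pop(0)
            delivered.append(t)
        t += slot_ms
    assert not pending, "horizon too short to deliver every real key"
    return timeline, delivered


def window_counts(times: List[float], window_ms: float,
                  horizon: float) -> List[int]:
    """What a software side-channel attacker typically measures:
    interrupts per fixed time window."""
    n = int(horizon // window_ms)
    counts = [0] * n
    for t in times:
        k = int(t // window_ms)
        if 0 <= k < n:
            counts[k] += 1
    return counts


def pearson(xs: List[float], ys: List[float]) -> float:
    """Correlation coefficient, defined as 0.0 when a series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / (sxx * syy) ** 0.5


def leak_score(observed: List[float], real: List[float],
               window_ms: float, horizon: float) -> float:
    """How well the observed interrupt density tracks the real typing density
    (1.0 = fully recoverable, 0.0 = no linear relationship)."""
    return pearson(window_counts(observed, window_ms, horizon),
                   window_counts(real, window_ms, horizon))


if __name__ == "__main__":
    real = typing_session()
    horizon, window = 16_000.0, 1_000.0      # ms; 16 s covers the session
    print("no defense       :", round(leak_score(observe_no_defense(real), real, window, horizon), 3))
    noisy = observe_independent_noise(real, rate_per_ms=0.02, horizon=horizon)
    print("independent noise:", round(leak_score(noisy, real, window, horizon), 3))
    timeline, delivered = observe_slotted(real, slot_ms=10.0, horizon=horizon)
    print("uniform slots    :", round(leak_score(timeline, real, window, horizon), 3))
    print("max delivery latency (ms):", round(max(d - r for d, r in zip(delivered, sorted(real))), 1))
```

With no defense the per-window counts are the typing pattern itself; with independent noise the baseline shifts but the bursts remain on top of it; with the slotted scheme the attacker's timeline is identical for every typing session, at the price of a bounded delivery delay. The simulation only covers the interrupt-timing observable; the abstract's further point, that fake keystrokes must also be propagated through the shared library so that cache-based observations cannot tell them apart, is outside this model.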
Language: English
Title of host publication: Network and Distributed System Security Symposium 2018
Pages: 15
Status: Published - 18 Feb 2018
Event: Network and Distributed System Security Symposium 2018 - Catamaran Resort Hotel and Spa, San Diego, United States
Duration: 18 Feb 2018 - 21 Feb 2018
https://www.ndss-symposium.org/ndss2018

Conference

Conference: Network and Distributed System Security Symposium 2018
Abbreviated title: NDSS'18
Country: United States
City: San Diego
Period: 18/02/18 - 21/02/18
Internet address: https://www.ndss-symposium.org/ndss2018

Fingerprint

Smartphones
Websites
Side channel attack
Processing
Android (operating system)

Cite this

Schwarz, M., Lipp, M., Gruss, D., Weiser, S., Maurice, C. L. N., Spreitzer, R., & Mangard, S. (2018). KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. In Network and Distributed System Security Symposium 2018 (pp. 15)

@inbook{f5fad13c19194faea682f2652f29f988,
title = "KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks",
abstract = "Besides cryptographic secrets, software-based side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. These attacks have also been demonstrated in JavaScript embedded in websites by a remote attacker. We extend the state-of-the-art with a new interrupt-based attack and the first Prime+Probe attack on kernel interrupt handlers. Previously proposed countermeasures fail to prevent software-based keystroke timing attacks as they do not protect keystroke processing through the entire software stack.We close this gap with KeyDrown, a new defense mechanism against software-based keystroke timing attacks. KeyDrown injects a large number of fake keystrokes in the kernel, making the keystroke interrupt density uniform over time, i.e., independent of the real keystrokes. All keystrokes, including fake keystrokes, are carefully propagated through the shared library to make them indistinguishable by exploiting the specific properties of software-based side channels. We show that attackers cannot distinguish fake keystrokes from real keystrokes anymore and we evaluate KeyDrown on a commodity notebook as well as on Android smartphones. We show that KeyDrown eliminates any advantage an attacker can gain from using software-based side-channel attacks.",
author = "Michael Schwarz and Moritz Lipp and Daniel Gruss and Samuel Weiser and Maurice, {Clementine Lucie Noemie} and Raphael Spreitzer and Stefan Mangard",
year = "2018",
month = "2",
pages = "15",
booktitle = "Network and Distributed System Security Symposium 2018",

}
